CN112486865A - Method and control chip for performing access control of memory device - Google Patents


Publication number
CN112486865A
Authority
CN
China
Prior art keywords
transmission interface
storage device
user
access
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910859548.4A
Other languages
Chinese (zh)
Inventor
萧俊竑
林能贤
陈正昌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Realtek Semiconductor Corp
Original Assignee
Realtek Semiconductor Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Realtek Semiconductor Corp filed Critical Realtek Semiconductor Corp
Priority to CN201910859548.4A priority Critical patent/CN112486865A/en
Publication of CN112486865A publication Critical patent/CN112486865A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14 Handling requests for interconnection or transfer
    • G06F13/16 Handling requests for interconnection or transfer for access to memory bus
    • G06F13/1668 Details of memory controller
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14 Handling requests for interconnection or transfer
    • G06F13/20 Handling requests for interconnection or transfer for access to input/output bus
    • G06F13/28 Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access DMA, cycle steal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method and a control chip for performing access control of a storage device, wherein the control chip is coupled to a host device. The method comprises the following steps: using a first transmission interface of the control chip to determine whether the storage device supports a second transmission interface different from the first transmission interface, so as to generate a determination result; and determining, according to the user permission of a user with respect to the host device, whether the control chip is allowed to decide, based on the determination result, whether to use the second transmission interface of the control chip to access the storage device. In addition, if the user permission meets a predetermined condition, a pop-up window can be displayed on the user interface of the host device, so that the user can decide whether to use the first transmission interface or the second transmission interface to access the storage device.

Description

Method and control chip for performing access control of memory device
Technical Field
The present invention relates to access control of a memory device, and more particularly, to a method and a control chip for controlling access to a memory device.
Background
A Peripheral Component Interconnect Express (PCIe) interface (PCIe interface for short) is a high-speed interface commonly found in electronic devices, and has become a reliable high-speed interface over decades of development. The PCIe interface can be used for communication between a system and its peripheral devices and, because it is easy to expand, it is also exposed on external ports of the enclosure so that removable devices (e.g., external devices) can connect to the system through the PCIe interface, letting users enjoy the benefits of the PCIe interface without disassembling the enclosure. For example, an interface conforming to the ExpressCard standard provides a PCIe interface for connecting to an external device.
However, using an external device with a PCIe interface to perform Direct Memory Access (DMA) is a common and easy means of attacking a computer (which may be referred to as a direct memory access attack) or stealing data. Even if the user locks the screen, a malicious person can still take a modified device with a PCIe interface and use the DMA function of that device to scan the contents of the memory of the user's computer, and thereby easily steal data. As data security has become more and more important, many approaches have been proposed to try to avoid this, and the simplest approach is to remove the external port that conforms to the PCIe standard. In that case, however, it may be difficult for the user to enjoy the benefits of the PCIe interface. Therefore, a novel method and apparatus (e.g., a control chip) are needed to solve the problems of the related art without side effects or with fewer side effects.
Disclosure of Invention
An objective of the present invention is to provide a method and a control chip for performing access control on a storage device, so as to solve the problem in the related art that data security and performance (for example, benefits such as the transmission speed brought by using a Peripheral Component Interconnect Express (PCIe) interface) are difficult to achieve at the same time.
At least one embodiment of the present invention provides a method for performing access control of a memory device, and the method is applicable to a control chip coupled to a host device. The method comprises the following steps: using a first transmission interface of the control chip to determine whether the storage device supports a second transmission interface different from the first transmission interface, so as to generate a determination result, wherein the second transmission interface can be applied to Direct Memory Access (DMA); and selectively displaying a pop-up window on a user interface coupled to the host device according to the determination result, so that a user can access the storage device by using the first transmission interface or the second transmission interface.
At least one embodiment of the present invention provides a method for performing access control of a memory device, and the method is applicable to a control chip coupled to a host device. The method comprises the following steps: using a first transmission interface of the control chip to determine whether the storage device supports a second transmission interface different from the first transmission interface, so as to generate a determination result, wherein the second transmission interface can be applied to direct memory access; and determining whether to allow the control chip to execute a control scheme according to a user permission of a user with respect to the host device, wherein the control scheme comprises determining whether to use the second transmission interface of the control chip to access the storage device based on the determination result.
At least one embodiment of the present invention provides a control chip for performing access control on a memory device, and the control chip includes a selection circuit, a first transmission interface, and a second transmission interface different from the first transmission interface. The selection circuit is coupled to a host device, and the first transmission interface and the second transmission interface are respectively coupled to the selection circuit, wherein the second transmission interface can be applied to direct memory access. When the control chip detects that the storage device is inserted, the control chip can use the first transmission interface to determine whether the storage device supports the second transmission interface, so as to generate a determination result. In addition, according to the determination result, the host device can selectively display a pop-up window on a user interface coupled to the host device so that a user can decide to use the first transmission interface or the second transmission interface to access the storage device.
At least one embodiment of the present invention provides a control chip for performing access control on a memory device, and the control chip includes a selection circuit, a first transmission interface, and a second transmission interface different from the first transmission interface. The selection circuit is coupled to a host device, and the first transmission interface and the second transmission interface are respectively coupled to the selection circuit, wherein the second transmission interface can be applied to direct memory access. When the control chip detects that the storage device is inserted, the control chip can utilize the first transmission interface to judge whether the storage device supports the second transmission interface so as to generate a judgment result. In addition, the host device may determine whether to allow the selection circuit to execute a control scheme according to a user authority of a user to the host device, wherein the control scheme includes determining whether to access the memory device using the second transmission interface based on the determination result.
The present invention establishes a protection mechanism against direct memory access attacks (DMA attacks) by means of a decision mechanism in permission management and/or in the initialization process, so that a user with a basic awareness of data security has a certain degree of protection against data-security attacks when using an electronic device (such as a personal computer) having an external PCIe interface. Accordingly, the present invention can solve the problems of the related art without side effects or with fewer side effects.
Drawings
FIG. 1 is a diagram illustrating a memory device inserted into an electronic device according to an embodiment of the invention.
FIG. 2 is a flowchart illustrating a method for performing access control of a memory device according to an embodiment of the present invention.
FIG. 3 is a diagram illustrating a pop-up window according to an embodiment of the present invention.
FIG. 4 is a flowchart illustrating a method for performing access control of a memory device according to another embodiment of the present invention.
FIG. 5 is a flowchart illustrating a method for performing access control of a memory device according to another embodiment of the present invention.
Description of the symbols
10 electronic device
100 access device
120 interface detection circuit
140 bridge circuit
160 control circuit
180 selection circuit
20 slot
30 control chip
200 memory device
50 host device
50C program code
T1 first terminal
T2 second terminal
T3 third terminal
VD write protection detection signal
WP write protection detection terminal
210, 220, 230, 240, 250, 260, 410, 420, 430, 440, 450, 510, 520, 530, 540, 550, 560, 570 steps
Detailed Description
Fig. 1 is a schematic diagram illustrating a memory device 200 inserted into an electronic device 10 according to an embodiment of the invention. In the present embodiment, examples of the electronic device 10 may include (but are not limited to): a notebook computer, a tablet computer, a mobile phone, etc., and the storage device 200 may be a memory card conforming to Secure Digital (SD) standard, but the invention is not limited thereto. The electronic device 10 includes a host device 50 and an access device 100 (e.g., a card reader) coupled to the host device 50, wherein the host device 50 can control the operation of the access device 100 according to a program code 50C (e.g., a program module of an operating system of the electronic device 10 and/or a driver corresponding to the access device 100). In addition, the access device 100 may include a slot 20 and a control chip 30 coupled to the slot 20, wherein the slot 20 may be used to connect the control chip 30 and the memory device 200 to allow the host device 50 to access the memory device 200 through the control chip 30.
In the embodiment, the control chip 30 may include an interface detection module (such as an interface detection circuit 120), a bridge circuit 140, a control circuit 160, a selection circuit 180 and a write protection detection terminal WP coupled to the slot 20, wherein the interface detection circuit 120 and the write protection detection terminal WP are respectively coupled to the control circuit 160, and the control circuit 160 is further coupled to the selection circuit 180, but the invention is not limited thereto. In addition, a set of first terminals T1 of the selection circuit 180 is coupled to the slot 20, and the bridge circuit 140 is coupled between a set of second terminals T2 of the selection circuit 180 and the slot 20. It should be noted that the set of first terminals T1 of the selection circuit 180 and the slot 20 (in particular, the storage device 200 inserted into the slot 20) perform data transmission according to a Peripheral Component Interconnect Express (PCIe) communication protocol (labeled "PCIe" on the corresponding double arrow in the drawing). Furthermore, the set of second terminals T2 of the selection circuit 180 and the bridge circuit 140 perform data transmission according to the PCIe communication protocol (labeled "PCIe" on the corresponding double arrow in the drawing), and the bridge circuit 140 and the slot 20 (in particular, the storage device 200 inserted into the slot 20) perform data transmission according to an ultra high speed (UHS-I) communication protocol (labeled "UHS-I" on the corresponding double arrow in the drawing) different from the PCIe communication protocol, wherein the bridge circuit 140 is used for translating between the PCIe communication protocol and the UHS-I communication protocol, but the invention is not limited thereto. The host device 50 is coupled to a set of third terminals T3 of the selection circuit 180 and performs data transmission with the control chip 30 according to the PCIe communication protocol.
In addition, the write protection detection terminal WP may be used to monitor a write protection detection signal VD, which indicates whether a write protection switch of the storage device 200 is turned on, so as to generate a write protection detection result, wherein the write protection detection terminal WP may be coupled to a pin of the control chip 30 for providing the write protection detection signal VD to the control chip 30. In some embodiments, the write protection switch can be turned on, and the voltage level of the write protection detection signal VD will then be maintained at a predetermined voltage level (e.g., 3.3V); in the embodiment shown in fig. 1, since the write protection switch is turned off, the voltage level of the write protection detection signal VD is pulled to a voltage level (e.g., the ground voltage level) different from the predetermined voltage level. That is, the write protection detection terminal WP may generate the write protection detection result by monitoring the voltage level of the write protection detection signal VD. In the embodiment, the voltage level of the write protection detection signal VD varies with the selected slot 20, and the pull-down of the write protection detection signal VD to the ground voltage level in fig. 1 is only one implementation, but the invention is not limited thereto. For ease of understanding, the write protection switch is assumed to be in the off state in the following embodiments of the present invention, but the present invention is not limited thereto.
The interface detection circuit 120 may detect whether the memory device 200 supports a first communication protocol, such as the PCIe communication protocol, to generate an interface detection result. It should be noted that the block diagram of the interface detection circuit 120 according to the present embodiment is shown for illustrative purposes only and is not meant to limit the present invention. In some embodiments, the interface detection circuit 120 may be implemented as part of the control circuit 160, or the interface detection circuit 120 and the control circuit 160 may be implemented as part of the selection circuit 180, but the invention is not limited thereto. In addition, the interface detection circuit 120 may be implemented in hardware or in software (for example, by using the interface signal as the determination condition), and any means capable of assisting the access device 100 in detecting whether the storage device 200 supports the first communication protocol is included in the scope of the present invention. In addition, in the embodiment, the control chip 30 includes a first transmission interface (e.g., a UHS-I interface) and a second transmission interface (e.g., a transmission interface applicable to Direct Memory Access (DMA), such as a PCIe interface) different from the first transmission interface, wherein the UHS-I interface is coupled to the selection circuit 180 (in particular, the set of second terminals T2 of the selection circuit 180) through the bridge circuit 140, and the PCIe interface is coupled to the selection circuit 180 (in particular, the set of first terminals T1 of the selection circuit 180) through a bypass path without any bridge circuit.
Since the first transmission interface (e.g., the UHS-I interface) performs direct memory access (e.g., direct memory access according to the PCIe communication protocol) only via the bridge circuit 140, the first transmission interface (e.g., the UHS-I interface) is less vulnerable to direct memory access attacks (DMA attacks) from external devices than the second transmission interface, which is exposed to the outside (e.g., outside the control chip 30, outside the access device 100, or outside the electronic device 10).
For simplicity, the first transmission interface and the second transmission interface are not shown in block diagram, but the data transmission by the PCIe interface and the UHS-I interface is represented by double arrows labeled "PCIe" and "UHS-I", respectively. It should be noted that, no matter how the above-mentioned function of the interface detection module is implemented, the control chip 30 may utilize the UHS-I interface to receive a signal for determining whether the storage device 200 supports the first communication protocol during the initialization process.
FIG. 2 is a flowchart of a method for performing access control of a memory device according to an embodiment of the present invention, wherein the method is applicable to a control chip (such as the control chip 30 shown in FIG. 1) coupled to a host device. It should be noted that one or more steps shown in fig. 2 may be added, deleted and/or modified in the method as long as the overall result is not affected, and the one or more steps do not have to be executed in the order shown in fig. 2. For ease of understanding, please refer to FIG. 2 in conjunction with FIG. 1.
In step 210, a user inserts the storage device 200 into the access device 100 of the electronic device 10, and the process begins.
In step 220, when the control chip 30 detects that any memory card (e.g., the memory device 200) is inserted, the control chip 30 can use the first transmission interface (e.g., the UHS-I interface) to determine whether the memory device 200 supports the second transmission interface (e.g., the PCIe interface), so as to generate a determination result; for example, it receives related information from the memory device 200 over the first transmission interface for determining whether the memory device 200 supports the second transmission interface. If so, flow proceeds to step 230; otherwise, flow proceeds to step 260.
In step 230, a user interface (e.g., a display device connected to the personal computer) coupled to the host device 50 (e.g., the user's personal computer) may display a pop-up window, as shown in FIG. 3, for the user to determine whether to access the storage device 200 using the first transmission interface or the second transmission interface.
In step 240, the user can use the pop-up window to select whether to access the storage device 200 through the first transmission interface or the second transmission interface. If the user selects the second transmission interface, such as the PCIe interface (e.g., presses the button labeled "SD Express" in fig. 3), flow proceeds to step 250; if the user selects the first transmission interface, such as the UHS-I interface (e.g., presses the button labeled "UHS-I" in FIG. 3), flow proceeds to step 260.
In step 250, since the memory device 200 supports the second transmission interface and the user selects the second transmission interface, the selection circuit 180 couples the set of third terminals T3 to the set of first terminals T1 to access the memory device 200 using the second transmission interface (e.g., the PCIe interface), such as initializing to a secure digital Express (SD Express) mode. It should be noted that, before entering step 250, the selection circuit 180 is preset to couple the set of third terminals T3 to the set of second terminals T2 (i.e., the control chip 30 is preset to access the memory device 200 by using the first transmission interface (e.g., the UHS-I interface)), but the invention is not limited thereto.
In step 260, the selection circuit 180 keeps the set of third terminals T3 coupled to the set of second terminals T2 to access the memory device 200 using the first transmission interface (e.g., the UHS-I interface), such as initializing to a conventional secure digital (legacy SD) mode. For example, the memory device 200 may not support the second transmission interface, and the selection circuit 180 accesses the memory device 200 directly by using the first transmission interface (i.e., step 260 is entered from step 220); for another example, although the memory device 200 supports the second transmission interface, the user selects the first transmission interface, and the selection circuit 180 still uses the first transmission interface to access the memory device 200 without using the second transmission interface (i.e., step 260 is entered from step 240).
The method shown in fig. 2 takes advantage of the fact that the control chip 30 is designed to access the storage device 200 using a relatively secure transmission interface (one less vulnerable to direct memory access attacks, e.g., the UHS-I interface), and implements a mechanism for protecting against direct memory access attacks by means of the initialization process for accessing the storage device 200. For example, a user with a basic awareness of data security usually locks the screen of the personal computer when leaving the seat, so that the screen must be unlocked in a specific manner (e.g., by entering a specific password). In this case, anyone who wants to connect a modified electronic device to the external PCIe interface of the computer and steal data cannot press the SD Express button in the pop-up window without knowing how to unlock the screen, and thus cannot steal data through the access device that supports the PCIe communication protocol. Under such circumstances, the computer housing must be disassembled to connect to a PCIe interface inside the housing in order to achieve that purpose, so the difficulty of the theft is increased and the time it requires is prolonged. For another example, when a user with a basic awareness of data security wants to access an untrusted memory device through a personal computer and is asked to select the first transmission interface or the second transmission interface, the user can select the first transmission interface to avoid connecting the memory device directly to the PCIe interface of the personal computer.
FIG. 4 is a flowchart of a method for performing access control of a memory device according to another embodiment of the present invention, wherein the method is applicable to a control chip coupled to a host device, such as the control chip 30 shown in FIG. 1. It should be noted that one or more steps shown in fig. 4 may be added, deleted and/or modified in the method as long as the overall result is not affected, and the one or more steps do not have to be executed in the order shown in fig. 2. For ease of understanding, please refer to FIG. 4 in conjunction with FIG. 1.
In step 410, a user inserts the storage device 200 into the access device 100 of the electronic device 10 and the process begins.
In step 420, when the control chip 30 detects that any memory card (e.g., the memory device 200) is inserted, the control chip 30 can use the first transmission interface (e.g., the UHS-I interface) to determine whether the memory device 200 supports the second transmission interface (e.g., the PCIe interface), so as to generate a determination result; for example, it receives related information from the memory device 200 over the first transmission interface for determining whether the memory device 200 supports the second transmission interface. If so, flow proceeds to step 430; otherwise, flow proceeds to step 450.
In step 430, the host device 50 may determine whether the user permission of the currently logged-in user with respect to the host device 50 (e.g., a personal computer of the user) meets a predetermined condition, and accordingly determine whether to allow the selection circuit 180 to execute a control scheme, wherein the control scheme includes determining whether to access the memory device using the second transmission interface based on the determination result. If the user permission with respect to the host device 50 meets the predetermined condition, the process proceeds to step 440; otherwise, flow proceeds to step 450.
In step 440, since the storage device 200 supports the second transmission interface and the user's permission of the host device 50 conforms to the predetermined condition, the selection circuit 180 couples the set of third terminals T3 to the set of first terminals T1 to access the storage device 200 by using the second transmission interface (e.g., the PCIe interface), such as initializing to a secure digital Express (SD Express) mode. It should be noted that, before entering step 440, the selection circuit 180 is preset to couple the set of third terminals T3 to the set of second terminals T2 (i.e., the control chip 30 is preset to access the memory device 200 by using the first transmission interface (e.g., the UHS-I interface)), but the invention is not limited thereto.
In step 450, the selection circuit 180 keeps the set of third terminals T3 coupled to the set of second terminals T2 to access the memory device 200 using the first transmission interface (e.g., the UHS-I interface), such as initializing to a conventional secure digital (legacy SD) mode. For example, the memory device 200 may not support the second transmission interface, and the selection circuit 180 accesses the memory device 200 directly by using the first transmission interface (i.e., step 450 is entered from step 420); for another example, although the memory device 200 supports the second transmission interface, the user permission with respect to the host device 50 does not meet the predetermined condition, and the selection circuit 180 still uses the first transmission interface to access the memory device 200 without using the second transmission interface (i.e., step 450 is entered from step 430).
The method shown in fig. 4 relies on the computer's management of users to limit the operations that different users can perform on the personal computer, and in particular to restrict users with lower permissions so that they cannot use the PCIe interface to access an external electronic device (e.g., a storage device). For example, when a user logs in to a personal computer with an account that has the highest permission, the control chip 30 may decide directly whether to use the first transmission interface or the second transmission interface to access the storage device according to whether the inserted storage device supports the second transmission interface; for another example, when a user wishes to switch to the operating mode corresponding to the second transmission interface, the user may enter a password to obtain a specific right to access, using the second transmission interface, a storage device that supports the second transmission interface. For another example, when a user has neither a sufficiently high permission level nor the password for obtaining the specific right, the control chip 30 accesses the storage device through the first transmission interface regardless of whether the storage device inserted into the access device 100 supports the second transmission interface.
FIG. 5 is a flowchart of a method for performing access control of a memory device according to another embodiment of the present invention, wherein the method is applicable to a control chip coupled to a host device, such as the control chip 30 shown in FIG. 1, and the method shown in FIG. 5 can be regarded as a combination of the method shown in FIG. 2 and the method shown in FIG. 4. It should be noted that one or more steps shown in fig. 5 may be added, deleted and/or modified in the method as long as the overall result is not affected, and the one or more steps do not have to be executed in the order shown in fig. 2. For ease of understanding, please refer to FIG. 5 in conjunction with FIG. 1.
In step 510, a user inserts the storage device 200 into the access device 100 of the electronic device 10, and the process begins.
In step 520, when the control chip 30 detects that any memory card (e.g., the memory device 200) is inserted, the control chip 30 can use the first transmission interface (e.g., the UHS-I interface) to determine whether the memory device 200 supports the second transmission interface (e.g., the PCIe interface), so as to generate a determination result; for example, it receives related information from the memory device 200 over the first transmission interface for determining whether the memory device 200 supports the second transmission interface. If so, flow proceeds to step 530; otherwise, flow proceeds to step 570.
In step 530, the host device 50 may determine whether the user permission of the currently logged-in user with respect to the host device 50 (e.g., a personal computer of the user) meets a predetermined condition, and accordingly determine whether to allow the selection circuit 180 to execute a control scheme, wherein the control scheme includes determining whether to access the memory device using the second transmission interface based on the determination result. If the user permission with respect to the host device 50 meets the predetermined condition, the flow proceeds to step 540; otherwise, flow proceeds to step 570.
In step 540, a user interface (e.g., a display device connected to the personal computer) coupled to the host device 50 may display a pop-up window, as shown in FIG. 3, for the user to determine whether to access the storage device 200 using the first transmission interface or the second transmission interface.
In step 550, the user can use the pop-up window to select whether to access the storage device 200 through the first transmission interface or the second transmission interface. If the user selects the second transmission interface, such as the PCIe interface (e.g., presses the button labeled "SD Express" in fig. 3), flow proceeds to step 560; if the user selects the first transmission interface, such as the UHS-I interface (e.g., presses the button labeled "UHS-I" in FIG. 3), flow proceeds to step 570.
In step 560, since the storage device 200 supports the second transmission interface, the user's permission on the host device 50 meets the predetermined condition, and the user has selected the second transmission interface, the selection circuit 180 couples the set of third terminals T3 to the set of first terminals T1 to access the storage device 200 using the second transmission interface (e.g., the PCIe interface), for example by initializing to a Secure Digital Express (SD Express) mode. It should be noted that, before step 560 is entered, the selection circuit 180 is preset to couple the set of third terminals T3 to the set of second terminals T2 (i.e., the control chip 30 is preset to access the storage device 200 using the first transmission interface, e.g., the UHS-I interface), but the invention is not limited thereto.
In step 570, the selection circuit 180 couples the set of third terminals T3 to the set of second terminals T2 to access the storage device 200 using the first transmission interface (e.g., the UHS-I interface), for example by initializing to a conventional Secure Digital (legacy SD) mode. Step 570 can be reached in three ways. First, the storage device 200 may not support the second transmission interface, in which case the selection circuit 180 accesses the storage device 200 directly using the first transmission interface (i.e., step 570 is entered from step 520). Second, although the storage device 200 supports the second transmission interface, the user's permission on the host device 50 may not meet the predetermined condition, in which case the selection circuit 180 still accesses the storage device 200 using the first transmission interface rather than the second transmission interface (i.e., step 570 is entered from step 530). Third, although the storage device 200 supports the second transmission interface and the user's permission on the host device 50 meets the predetermined condition, the user may choose not to use the second transmission interface because the storage device 200 is not trusted, in which case the selection circuit 180 still accesses the storage device 200 using the first transmission interface rather than the second transmission interface (i.e., step 570 is entered from step 550).
The method shown in FIG. 5 mainly follows the principle of computer organization management by selectively giving the user the authority to select the operation mode. If the user's permission on the host device 50 meets the predetermined condition (e.g., the permission is high enough), the user can select either the aforementioned SD Express mode or the conventional Secure Digital mode for operation; if the user's permission on the host device 50 does not meet the predetermined condition (e.g., the permission is not high enough), only the conventional Secure Digital mode is available.
To summarize, the method and the control chip for performing access control of a memory device according to the present invention use the procedure of initializing the Secure Digital memory card and/or the principle of computer organization management to implement an access control mechanism that is less vulnerable to direct memory access attacks. According to the embodiments of the present invention, the user can enjoy the advantage of accessing the memory device using the PCIe interface without data security concerns, and the architecture of the control chip provided by the present invention also allows a person with general data-security awareness to effectively avoid direct memory access attacks. In addition, the embodiments of the present invention do not significantly increase costs, and thus the present invention can solve the problems of the related art with no or few side effects.
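The FIG. 5 decision flow can be modelled as a function that leaves the selection circuit on the UHS-I side unless every gate passes. The following C sketch is an added example, not code from the patent or from Realtek; all type and function names are hypothetical, and the tri-state "unknown" inputs and the dismissed-dialog case are assumptions used to show that anything short of an explicit "yes" keeps the DMA-capable link disabled.

```c
#include <stddef.h>
#include <stdio.h>

/* Position of selection circuit 180: T3 coupled to T2 (UHS-I) or T1 (PCIe). */
typedef enum { MUX_T2_UHS_I = 0, MUX_T1_PCIE = 1 } mux_t;
/* Tri-state so that "not determined" is never mistaken for "yes". */
typedef enum { ANS_UNKNOWN = 0, ANS_NO, ANS_YES } answer_t;
/* Pop-up result (FIG. 3); CHOICE_NONE models a dismissed dialog (assumption). */
typedef enum { CHOICE_NONE = 0, CHOICE_UHS_I, CHOICE_SD_EXPRESS } choice_t;
/* Step at which the flow left for step 570, or 560 on the PCIe path. */
typedef enum { AT_520 = 520, AT_530 = 530, AT_550 = 550, AT_560 = 560 } step_t;

typedef struct {
    answer_t card_supports_pcie; /* step 520: probed over the UHS-I interface */
    answer_t user_privileged;    /* step 530: host-side permission check */
    choice_t user_choice;        /* steps 540-550: pop-up selection */
} card_event_t;

/* Returns the mux position; *exit_step (optional) records where it was decided. */
mux_t select_interface(const card_event_t *ev, step_t *exit_step)
{
    mux_t mux = MUX_T2_UHS_I;  /* preset before step 560: legacy SD mode */
    step_t s = AT_520;

    if (ev != NULL && ev->card_supports_pcie == ANS_YES) {
        s = AT_530;
        if (ev->user_privileged == ANS_YES) {
            s = AT_550;
            if (ev->user_choice == CHOICE_SD_EXPRESS) {
                s = AT_560;
                mux = MUX_T1_PCIE; /* the only path to the DMA-capable link */
            }
        }
    }
    if (exit_step != NULL)
        *exit_step = s;
    return mux;
}

/* Enumerate all 3 x 3 x 3 input combinations and count those reaching PCIe. */
int count_pcie_outcomes(void)
{
    int n = 0;
    for (int c = 0; c < 3; c++)
        for (int p = 0; p < 3; p++)
            for (int u = 0; u < 3; u++) {
                card_event_t ev = { (answer_t)c, (answer_t)p, (choice_t)u };
                if (select_interface(&ev, NULL) == MUX_T1_PCIE)
                    n++;
            }
    return n;
}

int main(void)
{
    printf("combinations reaching PCIe: %d of 27\n", count_pcie_outcomes());
    return 0;
}
```

The recorded exit step corresponds to the three ways of reaching step 570 described above, which makes it usable as an audit field when logging why a card was kept in legacy SD mode.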
The above-mentioned embodiments are only preferred embodiments of the present invention, and all equivalent changes and modifications made by the claims of the present invention should be covered by the scope of the present invention.

Claims (10)

1. A method for performing access control of a memory device, the method being applicable to a control chip coupled to a host device, the method comprising:
utilizing a first transmission interface of the control chip to judge whether the storage device supports a second transmission interface different from the first transmission interface so as to generate a judgment result, wherein the second transmission interface can be applied to direct memory access; and
selectively displaying a pop-up window on a user interface coupled to the host device according to the judgment result, so that a user can access the storage device by utilizing the first transmission interface or the second transmission interface.
2. The method of claim 1, wherein selectively displaying the pop-up window on the user interface coupled to the host device for the user to determine whether to access the storage device using the first transmission interface or the second transmission interface comprises:
if the judgment result indicates that the storage device does not support the second transmission interface, directly utilizing the first transmission interface to access the storage device; and
if the judgment result indicates that the storage device supports the second transmission interface, displaying the pop-up window on the user interface coupled to the host device so that the user can decide to use the first transmission interface or the second transmission interface to access the storage device.
3. The method of claim 1, wherein the memory device is a memory card compliant with the Secure Digital standard, the first transmission interface is an ultra-high-speed class I (UHS-I) interface, and the second transmission interface is a PCI Express (PCIe) interface.
4. A method for performing access control of a memory device, the method being applicable to a control chip coupled to a host device, the method comprising:
utilizing a first transmission interface of the control chip to judge whether the storage device supports a second transmission interface different from the first transmission interface so as to generate a judgment result, wherein the second transmission interface can be applied to direct memory access; and
determining whether to allow the control chip to execute a control scheme according to a user authority of a user to the host device, wherein the control scheme comprises determining whether to utilize the second transmission interface of the control chip to access the storage device based on the determination result.
5. The method as claimed in claim 4, wherein the step of determining whether to allow the control chip to execute the control scheme according to the user authority of the user to the host device comprises:
if the user authority does not conform to a predetermined condition, directly using the first transmission interface to access the storage device;
if the user authority conforms to the predetermined condition and the judgment result indicates that the storage device does not support the second transmission interface, accessing the storage device by using the first transmission interface; and
if the user authority conforms to the predetermined condition and the determination result indicates that the storage device supports the second transmission interface, the storage device is accessed by using the second transmission interface.
6. The method as claimed in claim 4, wherein the step of determining whether to allow the control chip to execute the control scheme according to the user authority of the user to the host device comprises:
if the user authority does not conform to a predetermined condition, directly using the first transmission interface to access the storage device; and
if the user authority conforms to the predetermined condition, selectively displaying a pop-up window on a user interface coupled to the host device based on the judgment result, so that the user can decide to use the first transmission interface or the second transmission interface to access the storage device.
7. A control chip for performing access control of a memory device, comprising:
a selection circuit coupled to a host device;
a first transmission interface coupled to the selection circuit; and
a second transmission interface different from the first transmission interface and coupled to the selection circuit, wherein the second transmission interface can be applied to direct memory access;
when the control chip detects that the storage device is inserted, the control chip judges whether the storage device supports the second transmission interface by using the first transmission interface to generate a judgment result, and the host device selectively displays a pop-up window on a user interface coupled to the host device according to the judgment result so that a user can decide to use the first transmission interface or the second transmission interface to access the storage device;
wherein:
if the judgment result indicates that the storage device does not support the second transmission interface, the selection circuit directly utilizes the first transmission interface to access the storage device; and
if the judgment result indicates that the storage device supports the second transmission interface, the host device displays the pop-up window on the user interface coupled to the host device so that the user can decide to use the first transmission interface or the second transmission interface to access the storage device.
8. A control chip for performing access control of a memory device, comprising:
a selection circuit coupled to a host device;
a first transmission interface coupled to the selection circuit; and
a second transmission interface different from the first transmission interface and coupled to the selection circuit, wherein the second transmission interface can be applied to direct memory access;
when the control chip detects that the storage device is inserted, the control chip judges whether the storage device supports the second transmission interface by using the first transmission interface to generate a judgment result, and the host device judges whether to allow the selection circuit to execute a control scheme according to a user authority of a user to the host device, wherein the control scheme comprises determining whether to use the second transmission interface to access the storage device based on the judgment result.
9. The control chip of claim 8, wherein:
if the user authority does not conform to a predetermined condition, the selection circuit directly utilizes the first transmission interface to access the storage device;
if the user authority conforms to the predetermined condition and the determination result indicates that the storage device does not support the second transmission interface, the selection circuit accesses the storage device by using the first transmission interface; and
if the user authority conforms to the predetermined condition and the determination result indicates that the storage device supports the second transmission interface, the selection circuit accesses the storage device using the second transmission interface.
10. The control chip of claim 8, wherein:
if the user authority does not conform to a predetermined condition, the selection circuit directly utilizes the first transmission interface to access the storage device; and
if the user authority conforms to the predetermined condition, the host device selectively displays a pop-up window on a user interface coupled to the host device based on the judgment result so that the user can decide to use the first transmission interface or the second transmission interface to access the storage device.
CN201910859548.4A 2019-09-11 2019-09-11 Method and control chip for performing access control of memory device Pending CN112486865A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910859548.4A CN112486865A (en) 2019-09-11 2019-09-11 Method and control chip for performing access control of memory device

Publications (1)

Publication Number Publication Date
CN112486865A (en) 2021-03-12

Family

ID=74920265

Country Status (1)

Country Link
CN (1) CN112486865A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination